Authorization form to someone else's site

Started by nick_sinigamy, Jul 10, 2022, 01:59 AM


nick_sinigamy (Topic starter)

Is it possible (without any API) to create an authorization form on my site such that entering data into it would log you in to another site (for example, Facebook or Twitter)?


Yes, it is possible, and often it does not pose any difficulties.
Just indicate the URL you need in the action attribute of the form, and it's done. This is partly why phishing exists.
Moreover, it is not at all necessary to create a website; you can do exactly the same thing with a local form in an HTML file. Not to mention how often this is used for illegitimate purposes.
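
A defensive check for the point made in the reply above, as an added example that is not part of the original thread: it parses a page and reports every form containing a password field, flagging those whose resolved `action` leaves the page's own origin. The function names, sample URL and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for a URL, filling in default ports."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(p.scheme))

class LoginFormAuditor(HTMLParser):
    """Collect every <form> that contains a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None   # form currently being parsed, or None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits to the page's own URL.
            target = urljoin(self.page_url, a.get("action") or "")
            self.current = {"target": target, "has_password": False}
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.current["has_password"]:
                t = self.current["target"]
                self.findings.append({
                    "target": t,
                    "cross_origin": origin(t) != origin(self.page_url),
                    "cleartext": urlsplit(t).scheme != "https",
                })
            self.current = None

def audit_login_forms(html, page_url):
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one same-origin login form, one cross-origin, one search form.
SAMPLE_PAGE_URL = "https://shop.example/account/login.html"
SAMPLE_HTML = ('<form action="/session"><input name="u"><input type="password" name="p"></form>'
               '<form action="https://login.other.example/auth"><input type="password" name="p"></form>'
               '<form action="/search"><input name="q"></form>')
```

The check reads static markup only, so a form whose target is set by script or by a button's `formaction` attribute is not covered.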


It seems to me that all a normal password manager (built into a browser or an extension) needs in order to work is the presence of a login web form with more or less standard field names on the page as soon as it is opened, and that these are the fields the user fills in. How and in what order the fields are displayed should not concern it.
What difference does it make whether they are visible or not if it has access to the DOM, in which it can easily find a form, fill it out and send it? Problems arise only if the fields are generated dynamically from code. That's really what deserves a scolding.
And how the page authors choose to display the login form, if it already exists somewhere on the page, is not its concern. In extreme cases, you can always make a web form on a separate page, but display it in a frame without leaving the active one.